Skip to end of metadata
Go to start of metadata
Apple recently released updates for iOS and OS X which address a critical vulnerability affecting encrypted communications. This vulnerability could allow an attacker to eavesdrop on connections between you and other parties, disclose personal information or install malicious software. All users of iOS and OS X Mavericks are advised to install the latest system updates as soon as possible.
Who is affected:
Any device or computer running iOS previous to 7.0.6 (or 6.1.6) when communicating over SSL/TLS with any application that uses Apple's secure transport framework (this includes Safari, Mail, Software Update and many more).
An update for iOS has been released. More details here:
The update for iOS 6 is available only for the iPhone 3GS and 4th generation iPods. The iPhone 4 and 4S, which are capable of running iOS 7, are only offered iOS 7.0.6 to address the SSL/TLS bug, even if they are running iOS 6.
Help on updating your iOS device: http://support.apple.com/kb/HT4623
Any device or computer running OS X 10.9 prior to 10.9.2 when communicating over SSL/TLS with any application that uses Apple's secure transport framework (this includes Safari, Mail, Software Update and many more). While the SSL vulnerability was first introduced to iOS in 2012, it only affects Macs running OS X 10.9. Lion and Mountain Lion users are not affected.
An update for OS X has been released for Mavericks (10.9). More details here:
Help on updating your OS X system: http://support.apple.com/kb/HT1338
What to do:
You should update your iOS devices (iPhones, iPads and iPod touches) and OS X Mavericks (10.9) machines as soon as possible from a trusted network. Because the update affects the trust between your device and others (including Apple's update servers), you should not perform software update using a un-trusted network (like a coffee shop, etc.).
Contact your IT support person or the IT helpdesk for assistance with installing and confirming the correct updates.
For other questions, contact firstname.lastname@example.org